AJAX IMPACT


Securing your JSON
03/14/2007 By Bas Wenneker


A week ago Joe Walker posted a note on the insecurity of JSON. I'm using JSON for almost everything, so I was a bit shocked by his findings. Sleepless nights went by, and then I thought of a counter-hack so one could secure one's JSON again. I remembered a post by Dean Edwards (yeah, the packer guy) about subclassing Array objects. In this article I'll present a way to take back the hijacked Array object and secure it again.

I believe that JSON is unsafe for anything but public data unless you are using unpredictable URLs.

There are 2 problems. CSRF (Cross Site Request Forgery) allows attackers to bypass cookie-based authentication. I blogged about it a while ago. Wikipedia talks about it. CSRF allows you to invoke cookie-protected actions on a remote server. It allows Mr. Evil to trick Mrs. Innocent into transferring money from her bank account into his.

Far less known, perhaps, is the JSON/Array hack that allows a user to steal JSON data on Mozilla and any other platform with a modern JavaScript interpreter.

The downside

The downside of this fix is that you don't know when to apply it. A hacker can use a delayed or interval function to re-apply the hack, so basically each time you touch an Array object you have to apply the fix again to be sure it's safe to send data.
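Because the hack can be re-applied at any moment, the practical answer is to snapshot the native Array constructor as early as possible and re-audit it right before every send, restoring the native one if anything has changed. The following is an added example written for this page, not code from the article or from Dean Edwards; the function names (auditArray, restoreArray, safeStringify) and the check it performs are my own assumptions about how such a guard could look, and the tampering in the usage note is constructed, with no data-leaking payload.

```javascript
// Added example (not from the Ajax Impact article): a defender-side guard that
// snapshots the native Array constructor at load time and re-checks it right
// before JSON data is serialised, because a hostile script could swap the
// constructor back in later (for example from a timer), as the article notes.

// Captured once, as early as possible, before any third-party script runs.
const NATIVE_ARRAY = Array;
const NATIVE_ARRAY_PROTO = Array.prototype;

// Returns a list of problems found; an empty list means Array looks intact.
// The result is built with literals, filter and map rather than push on
// purpose: push goes through [[Set]], so an accessor planted on a numeric
// index of Array.prototype would be invoked by push itself.
function auditArray(global = globalThis) {
  const replaced = global.Array !== NATIVE_ARRAY;
  const hooked = Object.getOwnPropertyNames(NATIVE_ARRAY_PROTO)
    .filter((key) => /^\d+$/.test(key));
  return [
    ...(replaced ? ['global Array constructor was replaced'] : []),
    ...hooked.map((key) => `Array.prototype has an own property at index ${key}`),
  ];
}

// Puts the saved native constructor back and removes any configurable
// numeric-index properties from the prototype. Returns true if the audit
// is clean afterwards.
function restoreArray(global = globalThis) {
  global.Array = NATIVE_ARRAY;
  for (const key of Object.getOwnPropertyNames(NATIVE_ARRAY_PROTO)) {
    const desc = Object.getOwnPropertyDescriptor(NATIVE_ARRAY_PROTO, key);
    if (/^\d+$/.test(key) && desc.configurable) {
      delete NATIVE_ARRAY_PROTO[key];
    }
  }
  return auditArray(global).length === 0;
}

// Audit, repair if needed, then serialise. Throws if repair is impossible,
// so tampered state never reaches the wire silently.
function safeStringify(data, global = globalThis) {
  const problems = auditArray(global);
  if (problems.length > 0 && !restoreArray(global)) {
    throw new Error('Array object tampered and could not be restored: ' + problems.join('; '));
  }
  return { json: JSON.stringify(data), repaired: problems.length > 0 };
}
```

A typical call is `safeStringify({ a: [1, 2] })` at the point where a response is built; if a script has replaced `Array` in the meantime, the call returns `repaired: true` and the native constructor is back in place before the JSON is produced. Note that the snapshot is only as trustworthy as the moment it was taken, so this code has to run before any untrusted script on the page.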
